If true this will give IT managers fits, and if not addressed by the SIP standards folks at the IETF very soon, will have a chilling affect on the growth of IP based telephony world, first and foremost in the enterprise space that Microsoft is chasing with its SIP based Live Communications and Unified Communications efforts.

Given how much news gets generated around bugs and exploits in MSFT Windows OS' this will give the market audiences a field day with their voice products.

It also means that networks like Vonage, that don't currently have a very aggressive security operations compared to AT&T's CallVantage group, and other small operators (i.e. Broadvoice, Earthlink, VoicePulse, Lingo, SipPhone, etc.) may have to beef up their security and begin to look seriously at this issue.

Nothing would be worse than having the wrong person here the wrong thing....

Comments

You can follow this conversation by subscribing to the comment feed for this post.

Come on, Andy, I can't believe you were fooled by this. Tools like this have been available for ages. I remember using one of them to record some phone calls I needed to record a few years ago because it was easier than sticking a suction cup recorder on the end of my phone handset. They are also used commonly in the call center industry and for debugging SIP work.

This is just a ploy by the security consultant to drum up some attention, I suspect -- unless he's a poor enough security consultant to not have known about the existing recorders.

I'm the group program manager for the Office Communications Server product at Microsoft and would be happy to discuss how we achieve secure voice communications *without* using a VPN. The technology is available today though adoption may not be as broad as you would like.